Security_RNRF
0x27. Main text
27. TCP Protocol introduction - bin.0x1A
: Content
-> Netcat
-> Wireshark
-> strace
: In the "0x19" video we did our first networking task and set up a server for the first time.
-> It listened on a port using "netcat", and we connected to that port.
-> Let's go deeper in this video and look at the TCP protocol.
-> You will see what sending packets means.
-> We use "netcat" in many places, and in the web security series we also use it to communicate with actual servers.
-> Thus, "netcat" is a very convenient tool for sending TCP packets over the network.
: It is recommended to install "wireshark" to analyze the packets sent with "netcat".
-> sudo apt-get install wireshark
-> In this case the traffic does not leave the machine, so select the loopback interface.
-> select a “Loopback: lo”.
-> A loopback is similar to a virtual network interface and is not an actual physical network card.
-> This interface handles all traffic from the local computer.
-> The loopback device is a special, virtual network interface that your computer uses to communicate with itself.
-> As you know, your own system is always identified as localhost or "127.0.0.1".
: Now use two terminal windows and start "netcat" in listening mode in one of them. (Client & Server)
-> Select a port.
(server) -> nc -l 1234
-> In the other window we can run "netstat" as in the "0x19" video and list everything.
(client) -> sudo netstat -plant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:1234 0.0.0.0:* LISTEN 22436/nc
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 404/systemd-resolve
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 448/cupsd
tcp6 0 0 ::1:631 :::* LISTEN 448/cupsd
-> There is currently a "netcat" process waiting to receive connections on the port.
-> You can see everything it does by running the "netcat" server under "strace".
(server) -> strace nc -l 1234 # syscall trace
execve("/bin/nc", ["nc", "-l", "1234"], 0x7fff65848380 /* 52 vars */) = 0
brk(NULL) = 0x556ebd556000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=92451, ...}) = 0
mmap(NULL, 92451, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f2236342000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libbsd.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P4\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=80104, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2236340000
mmap(NULL, 2179152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2235f1d000
mprotect(0x7f2235f30000, 2093056, PROT_NONE) = 0
mmap(0x7f223612f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12000) = 0x7f223612f000
mmap(0x7f2236131000, 80, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2236131000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\00008\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=101168, ...}) = 0
mmap(NULL, 2206336, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2235d02000
mprotect(0x7f2235d19000, 2097152, PROT_NONE) = 0
mmap(0x7f2235f19000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f2235f19000
mmap(0x7f2235f1b000, 6784, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2235f1b000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\34\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2030544, ...}) = 0
mmap(NULL, 4131552, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2235911000
mprotect(0x7f2235af8000, 2097152, PROT_NONE) = 0
mmap(0x7f2235cf8000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e7000) = 0x7f2235cf8000
mmap(0x7f2235cfe000, 15072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2235cfe000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/librt.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\"\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=31680, ...}) = 0
mmap(NULL, 2128864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2235709000
mprotect(0x7f2235710000, 2093056, PROT_NONE) = 0
mmap(0x7f223590f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f223590f000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000b\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=144976, ...}) = 0
mmap(NULL, 2221184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f22354ea000
mprotect(0x7f2235504000, 2093056, PROT_NONE) = 0
mmap(0x7f2235703000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19000) = 0x7f2235703000
mmap(0x7f2235705000, 13440, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2235705000
close(3) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f223633e000
arch_prctl(ARCH_SET_FS, 0x7f223633f240) = 0
mprotect(0x7f2235cf8000, 16384, PROT_READ) = 0
mprotect(0x7f2235703000, 4096, PROT_READ) = 0
mprotect(0x7f223590f000, 4096, PROT_READ) = 0
mprotect(0x7f2235f19000, 4096, PROT_READ) = 0
mprotect(0x7f223612f000, 4096, PROT_READ) = 0
mprotect(0x556ebb90e000, 4096, PROT_READ) = 0
mprotect(0x7f2236359000, 4096, PROT_READ) = 0
munmap(0x7f2236342000, 92451) = 0
set_tid_address(0x7f223633f510) = 22447
set_robust_list(0x7f223633f520, 24) = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f22354efcb0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f22354fc890}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f22354efd50, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f22354fc890}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[PIPE], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f223594ff20}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
brk(NULL) = 0x556ebd556000
brk(0x556ebd577000) = 0x556ebd577000
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3 # new socket
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(3, SOL_SOCKET, SO_REUSEPORT, [1], 4) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(1234), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 # port & address
listen(3, 1) = 0
accept4(3, # waiting for a connection
-> These are the syscalls that "netcat" uses to set up the server.
-> First create the socket, set some options, and then bind and listen on port "1234".
-> It is listening on that port and now waits for a connection using "accept".
-> Basically, we reverse engineered the last video.
-> A quick check in "wireshark" shows that no packets have been transmitted yet.
(client) -> nc 127.0.0.1 1234
(server) -> Part of the server terminal window
listen(3, 1) = 0
accept4(3, {sa_family=AF_INET, sin_port=htons(52156), sin_addr=inet_addr("127.0.0.1")}, [128->16], SOCK_NONBLOCK) = 4
poll([{fd=0, events=POLLIN}, {fd=4, events=0}, {fd=4, events=POLLIN}, {fd=1, events=0}], 4, -1
-> You can see that "accept" has now returned on the server because the client has connected to the server.
-> Now there are three packets in "wireshark".
(ws) -> “wireshark” program
1 0.000000000 127.0.0.1 127.0.0.1 TCP 74 52182 → 1234 [SYN] Seq=0 Win=65495 Len=0 MSS=65495 SACK_PERM=1 TSval=2246044695 TSecr=0 WS=128
2 0.000010305 127.0.0.1 127.0.0.1 TCP 74 1234 → 52182 [SYN, ACK] Seq=0 Ack=1 Win=65483 Len=0 MSS=65495 SACK_PERM=1 TSval=2246044695 TSecr=2246044695 WS=128 # server -> client
3 0.000019247 127.0.0.1 127.0.0.1 TCP 66 52182 → 1234 [ACK] Seq=1 Ack=1 Win=65536 Len=0 TSval=2246044695 TSecr=2246044695
-> 4 Layers
Frame 3: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)
Source: 00:00:00_00:00:00 (00:00:00:00:00:00)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1 # IP Layer
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 52
Identification: 0xc49e (50334)
Flags: 0x4000, Don't fragment
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x7823 [validation disabled]
[Header checksum status: Unverified]
Source: 127.0.0.1
Destination: 127.0.0.1
Transmission Control Protocol, Src Port: 52182, Dst Port: 1234, Seq: 1, Ack: 1, Len: 0
Source Port: 52182
Destination Port: 1234
[Stream index: 0]
[TCP Segment Len: 0]
Sequence number: 1 (relative sequence number)
[Next sequence number: 1 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
1000 .... = Header Length: 32 bytes (8)
Flags: 0x010 (ACK)
Window size value: 512
[Calculated window size: 65536]
[Window size scaling factor: 128]
Checksum: 0xfe28 [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
[SEQ/ACK analysis]
[Timestamps]
-> hexdump & binary
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ..............E. # ethernet Layer
0010 00 34 c4 9e 40 00 40 06 78 23 7f 00 00 01 7f 00 .4Ä.@.@.x#......
0020 00 01 cb d6 04 d2 e1 12 9e 9e b2 da 51 1d 80 10 ..ËÖ.Òá...²ÚQ...
0030 02 00 fe 28 00 00 01 01 08 0a 85 df ec 17 85 df ..þ(.......ßì..ß
0040 ec 17 ì.
-> As you can see in the lowest window, packets are only binary data (= hexdump of raw packet bytes).
-> And because it is just binary data, "wireshark" can analyze it and display it nicely.
-> So in the window above we can see the decoded packet, divided into layers.
-> The Ethernet layer is all "0" because this packet hasn't left our machine.
-> Normally you would find the "mac" addresses of a switch or router here.
-> Thus, this layer is used only between two directly linked devices.
-> In addition to the "mac" addresses, this layer includes "TYPE".
-> The type is set to hexadecimal "0x0800", which indicates that the next layer is the "IPv4" layer.
-> "Wireshark" sees this and knows how to decode the next bytes.
-> When you click on the next layer, "wireshark" highlights its bytes in the packet.
-> You can then also see how it was determined that this is "IP" version 4.
-> The first four bits of this byte are "4".
-> You can see the source and destination "IP" here.
-> Thus, the Ethernet layer with the "mac" address is concerned with direct connections, but the "IP" layer can contain addresses that are very far away on the Internet, and the packet is passed on from switch to switch until it reaches that system.
-> This layer also contains information about the next layer, which is the protocol field.
-> In this case, "6".
-> This means that the content of this "IP" layer is a "TCP" header.
-> "IP" and "TCP" are very commonly mentioned together because they are almost always used together.
-> It says there is a "TCP" layer in the "IP" layer.
-> The Ethernet layer helped move from machine to machine, the "IP" layer helped identify which machine was the actual destination, and the "TCP" layer now helps identify which program or process on this machine handles this packet.
-> And it is identified by the port number.
-> Here you can see that the destination port is set to "1234".
-> You can also see the source port here.
-> This is the port on which the required response can be received.
-> Therefore, when the server responds with packets, the client uses this port to receive them.
-> The machine then knows which process receives this response.
-> And it's usually a random high port number.
: Anyway, by now we should understand how the whole "TCP" packet is constructed.
: Protocols represent a set of rules on how to communicate with other computers.
-> It works when the client and server agree on how to send and receive data.
-> What we're going to see now is someone's idea of how to create a data link.
: We know that three packets have been exchanged.
-> First, the client sent a "SYN" packet, a synchronization packet.
-> And the server responded with a "SYN, ACK" packet.
-> That is, it acknowledges that it received the packet.
-> This is important because the initial packet might not have arrived.
-> Therefore, when you receive a response as a client, you can see that the server has received the message.
-> This means that the client now knows that the connection is working.
-> But from the server's point of view, the server does not yet know whether its own packet arrived successfully.
-> It could be that the server can only receive packets, but not send them.
-> Therefore, the client responds to the "SYN, ACK" packet with an "ACK" packet, and once the server receives it, both parties are assured.
-> The packets were successfully exchanged.
-> Now you can communicate data with other machines.
-> And this is all done transparently.
-> You don't have to make this packet yourself.
-> Just open the socket and wait for the connection.
: Now let's send data from the client to the server.
(client) -> A MESSAGE FROM THE CLINET!
(server) -> accept4(3, {sa_family=AF_INET, sin_port=htons(52182), sin_addr=inet_addr("127.0.0.1")}, [128->16], SOCK_NONBLOCK) = 4
poll([{fd=0, events=POLLIN}, {fd=4, events=0}, {fd=4, events=POLLIN}, {fd=1, events=0}], 4, -1) = 1 ([{fd=4, revents=POLLIN}])
read(4, "A MESSAGE FROM THE CLINET!\n", 16384) = 27
poll([{fd=0, events=POLLIN}, {fd=4, events=0}, {fd=4, events=POLLIN}, {fd=1, events=POLLOUT}], 4, -1) = 1 ([{fd=1, revents=POLLOUT}])
write(1, "A MESSAGE FROM THE CLINET!\n", 27A MESSAGE FROM THE CLINET!
) = 27
poll([{fd=0, events=POLLIN}, {fd=4, events=0}, {fd=4, events=POLLIN}, {fd=1, events=0}], 4, -1
-> You can see that the line sent by the client is read by the server immediately.
-> So what does "wireshark" look like?
(ws) -> 42 2658.066233434 127.0.0.1 127.0.0.1 TCP 93 52182 → 1234 [PSH, ACK] Seq=1 Ack=1 Win=65536 Len=27 TSval=2248702761 TSecr=2246044695
43 2658.066244505 127.0.0.1 127.0.0.1 TCP 66 1234 → 52182 [ACK] Seq=1 Ack=28 Win=65536 Len=0 TSval=2248702761 TSecr=2248702761
(PSH, ACK) -> 4 Layers
Frame 42: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
Transmission Control Protocol, Src Port: 52182, Dst Port: 1234, Seq: 1, Ack: 1, Len: 27
Data (27 bytes)
Data: 41204d4553534147452046524f4d2054484520434c494e45...
[Length: 27]
-> Hexdump & binary
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ..............E.
0010 00 4f c4 9f 40 00 40 06 78 07 7f 00 00 01 7f 00 .OÄ.@.@.x.......
0020 00 01 cb d6 04 d2 e1 12 9e 9e b2 da 51 1d 80 18 ..ËÖ.Òá...²ÚQ...
0030 02 00 fe 43 00 00 01 01 08 0a 86 08 7b 29 85 df ..þC........{).ß
0040 ec 17 41 20 4d 45 53 53 41 47 45 20 46 52 4f 4d ì.A MESSAGE FROM
0050 20 54 48 45 20 43 4c 49 4e 45 54 21 0a THE CLINET!.
-> Two new packets are visible.
-> The "PSH, ACK" packet from the client to the server is visible.
-> The client's packets also now have an additional "DATA" layer.
-> And the data layer includes only the raw bytes we sent.
-> The server then responds with "ACK" to inform the client that the packet has arrived successfully.
(ACK) -> 4 Layers
Frame 43: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
Transmission Control Protocol, Src Port: 1234, Dst Port: 52182, Seq: 1, Ack: 28, Len: 0
Source Port: 1234
Destination Port: 52182
[Stream index: 0]
[TCP Segment Len: 0]
Sequence number: 1 (relative sequence number)
[Next sequence number: 1 (relative sequence number)]
Acknowledgment number: 28 (relative ack number)
1000 .... = Header Length: 32 bytes (8)
Flags: 0x010 (ACK)
Window size value: 512
[Calculated window size: 65536]
[Window size scaling factor: 128]
Checksum: 0xfe28 [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
[SEQ/ACK analysis]
[Timestamps]
-> Hexdump & binary
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ..............E.
0010 00 34 0b 1d 40 00 40 06 31 a5 7f 00 00 01 7f 00 .4..@.@.1¥......
0020 00 01 04 d2 cb d6 b2 da 51 1d e1 12 9e b9 80 10 ...ÒËÖ²ÚQ.á..¹..
0030 02 00 fe 28 00 00 01 01 08 0a 86 08 7b 29 86 08 ..þ(........{)..
0040 7b 29 {)
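The layer-by-layer decoding described above can be reproduced by hand. The following is an added example (not code from the original post or video) that parses frame 42, re-typed from the hexdump on this page, and checks every length field plus the IPv4 header checksum that Wireshark left unverified. The function and dictionary key names are chosen for this illustration.

```python
import struct

# Frame 42 (the client's PSH, ACK), re-typed from the hexdump on this page.
FRAME_42 = bytes.fromhex(
    "00000000000000000000000008004500"
    "004fc49f4000400678077f0000017f00"
    "0001cbd604d2e1129e9eb2da511d8018"
    "0200fe4300000101080a86087b2985df"
    "ec1741204d4553534147452046524f4d"
    "2054484520434c494e4554210a"
)

TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5


def checksum_ok(header: bytes) -> bool:
    """RFC 1071: the 16-bit one's-complement sum of a valid header is 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode_frame(frame: bytes) -> dict:
    """Walk Ethernet -> IPv4 -> TCP -> data, validating every length field."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:                       # TYPE says what comes next
        raise ValueError(f"not IPv4: ethertype 0x{ethertype:04x}")

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4  # first four bits = version
    total_len = struct.unpack("!H", ip[2:4])[0]
    if version != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("inconsistent IPv4 header lengths")
    if ip[9] != 6:                                # protocol 6 = TCP
        raise ValueError(f"not TCP: protocol {ip[9]}")

    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    tcp_hlen = (off_flags >> 12) * 4              # data offset in 32-bit words
    if not 20 <= tcp_hlen <= len(tcp):
        raise ValueError("inconsistent TCP data offset")

    return {
        "dst_mac": frame[0:6].hex(":"),
        "src_mac": frame[6:12].hex(":"),
        "src_ip": ".".join(map(str, ip[12:16])),
        "dst_ip": ".".join(map(str, ip[16:20])),
        "ttl": ip[8],
        "ip_checksum_ok": checksum_ok(ip[:ihl]),
        "src_port": sport,
        "dst_port": dport,
        "raw_seq": seq,   # Wireshark shows relative numbers; these are raw
        "raw_ack": ack,
        "tcp_header_len": tcp_hlen,
        "flags": [n for bit, n in enumerate(TCP_FLAG_NAMES) if off_flags >> bit & 1],
        "payload": tcp[tcp_hlen:],
    }


if __name__ == "__main__":
    for key, value in decode_frame(FRAME_42).items():
        print(f"{key:15} {value}")
```

The TCP checksum is deliberately not verified: on loopback it is usually left to checksum offload, so the value in the capture is not expected to validate.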
: Now let's send a response from the server.
(server) -> poll([{fd=0, events=POLLIN}, {fd=4, events=0}, {fd=4, events=POLLIN}, {fd=1, events=0}], 4, -1HACK THE PLANET!!!(Enter Key)
(client) -> nc 127.0.0.1 1234
A MESSAGE FROM THE CLINET!
HACK THE PLANET!!!
-> The server wrote the text to file descriptor "4", which is simply the file descriptor returned by "accept4".
(server) -> listen(3, 1) = 0
accept4(3, {sa_family=AF_INET, sin_port=htons(52156), sin_addr=inet_addr("127.0.0.1")}, [128->16], SOCK_NONBLOCK) = 4
poll([{fd=0, events=POLLIN}, {fd=4, events=0}, {fd=4, events=POLLIN}, {fd=1, events=0}], 4, -1HACK THE PLANET!!!
) = 1 ([{fd=0, revents=POLLIN}])
read(0, "HACK THE PLANET!!!\n", 16384) = 19
poll([{fd=0, events=POLLIN}, {fd=4, events=POLLOUT}, {fd=4, events=POLLIN}, {fd=1, events=0}], 4, -1) = 1 ([{fd=4, revents=POLLOUT}])
write(4, "HACK THE PLANET!!!\n", 19) = 19
poll([{fd=0, events=POLLIN}, {fd=4, events=0}, {fd=4, events=POLLIN}, {fd=1, events=0}], 4, -1
-> As you can see, the application simply writes to its "pseudo" file, the socket, and the data is sent over the network.
: Let's check out what we've done with "wireshark" again.
-> 56 3537.127676650 127.0.0.1 127.0.0.1 TCP 85 1234 → 52182 [PSH, ACK] Seq=1 Ack=28 Win=65536 Len=19 TSval=2249581822 TSecr=2248702761
57 3537.127688028 127.0.0.1 127.0.0.1 TCP 66 52182 → 1234 [ACK] Seq=28 Ack=20 Win=65536 Len=0 TSval=2249581822 TSecr=2249581822
-> A "PSH, ACK" packet is sent to the client.
(PSH, ACK) -> 4 Layers
Frame 56: 85 bytes on wire (680 bits), 85 bytes captured (680 bits) on interface 0
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
Transmission Control Protocol, Src Port: 1234, Dst Port: 52182, Seq: 1, Ack: 28, Len: 19
Data (19 bytes)
Data: 4841434b2054484520504c414e45542121210a
[Length: 19]
-> Hexdump & binary
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ..............E.
0010 00 47 0b 1e 40 00 40 06 31 91 7f 00 00 01 7f 00 .G..@.@.1.......
0020 00 01 04 d2 cb d6 b2 da 51 1d e1 12 9e b9 80 18 ...ÒËÖ²ÚQ.á..¹..
0030 02 00 fe 3b 00 00 01 01 08 0a 86 15 e4 fe 86 08 ..þ;........äþ..
0040 7b 29 48 41 43 4b 20 54 48 45 20 50 4c 41 4e 45 {)HACK THE PLANE
0050 54 21 21 21 0a T!!!.
-> One thing to note here is that the packet size is limited.
: Suppose you upload a large file somewhere. What happens when you send a large amount of data?
(client) -> nc 127.0.0.1 1234
A MESSAGE FROM THE CLINET!
HACK THE PLANET!!! AAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBB
BBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBB
BBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFFFFFFFFFFFF
-> Two or more packets are visible in "wireshark".
-> After the server acknowledged the first packet, the remaining data was sent in the next packet.
: Let's see what happens when you kill a client.
(client) -> CTRL+C
(ws) 72 4577.342413718 127.0.0.1 127.0.0.1 TCP 66 52182 → 1234 [FIN, ACK] Seq=4124 Ack=20 Win=65536 Len=0 TSval=2250622037 TSecr=2250334940
73 4577.343580978 127.0.0.1 127.0.0.1 TCP 66 1234 → 52182 [FIN, ACK] Seq=20 Ack=4125 Win=65536 Len=0 TSval=2250622038 TSecr=2250622037
74 4577.343598593 127.0.0.1 127.0.0.1 TCP 66 52182 → 1234 [ACK] Seq=4125 Ack=21 Win=65536 Len=0 TSval=2250622038 TSecr=2250622038
-> "wireshark" indicates that a "FIN" packet has been sent.
: This entire exchange is referred to as a "TCP" stream.
-> A connection is established, data is exchanged, and then the connection is terminated.
-> And with "wireshark" you can investigate this stream using "Follow TCP Stream".
-> Here you see only the data that was sent, color coded by who sent it.
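The Seq/Ack numbers in the packet lists above follow one rule: each ACK names the next byte expected from the peer, and SYN and FIN each consume one sequence number. The following added example (not from the original post or video) audits the summary lines copied from this page against that rule and reports sequence space the excerpt never showed. It assumes a single connection, so a port number identifies an endpoint; the names `audit_stream`, `gap` and `ack-ahead` are chosen for this illustration.

```python
import re

# Packet-list lines copied from this page (time, addresses and TSval trimmed).
CAPTURE = """\
1 52182 → 1234 [SYN] Seq=0 Win=65495 Len=0
2 1234 → 52182 [SYN, ACK] Seq=0 Ack=1 Win=65483 Len=0
3 52182 → 1234 [ACK] Seq=1 Ack=1 Win=65536 Len=0
42 52182 → 1234 [PSH, ACK] Seq=1 Ack=1 Win=65536 Len=27
43 1234 → 52182 [ACK] Seq=1 Ack=28 Win=65536 Len=0
56 1234 → 52182 [PSH, ACK] Seq=1 Ack=28 Win=65536 Len=19
57 52182 → 1234 [ACK] Seq=28 Ack=20 Win=65536 Len=0
72 52182 → 1234 [FIN, ACK] Seq=4124 Ack=20 Win=65536 Len=0
73 1234 → 52182 [FIN, ACK] Seq=20 Ack=4125 Win=65536 Len=0
74 52182 → 1234 [ACK] Seq=4125 Ack=21 Win=65536 Len=0
"""

LINE = re.compile(
    r"^(?P<no>\d+) (?P<src>\d+) → (?P<dst>\d+) \[(?P<flags>[^\]]+)\] "
    r"Seq=(?P<seq>\d+)(?: Ack=(?P<ack>\d+))? Win=\d+ Len=(?P<len>\d+)"
)


def audit_stream(text: str) -> list:
    """Return (packet_no, kind, byte_count) findings for one TCP stream.

    gap       : sender's Seq jumped ahead, so earlier segments are not listed
    ack-ahead : an ACK covers bytes the listing never showed being sent
    """
    next_seq = {}   # sender port -> next relative sequence number expected
    findings = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        no, src, dst = int(m["no"]), int(m["src"]), int(m["dst"])
        flags = set(m["flags"].split(", "))
        seq, length = int(m["seq"]), int(m["len"])

        if src in next_seq and seq > next_seq[src]:
            findings.append((no, "gap", seq - next_seq[src]))
        if m["ack"] is not None and dst in next_seq:
            ahead = int(m["ack"]) - next_seq[dst]
            if ahead > 0:       # a lagging ACK is normal, one ahead is not
                findings.append((no, "ack-ahead", ahead))

        # Payload bytes plus one for SYN and one for FIN advance the counter.
        consumed = length + len(flags & {"SYN", "FIN"})
        next_seq[src] = max(next_seq.get(src, 0), seq + consumed)
    return findings


if __name__ == "__main__":
    for finding in audit_stream(CAPTURE):
        print(finding)
```

The single finding on packet 72 corresponds to the large A/B/C... input whose data packets (58 to 71) are not listed on this page.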
: Now you should watch my "HTTP" protocol video in the web security series.
-> Now you will understand much better what it means to have servers and clients.
-> And that "HTTP" is just data transmitted through "TCP."
-> Browsers and web servers are special programs that do special things.